Trick or Treat – how criminals infect your computer

Often when I hear someone telling someone else about how their computer got infected with malware, someone will chime in with “you’ve gotta be careful.” In order to “be careful,” you have to know what the dangers are and which tricks criminals will use to infect your computer.

Before we get into that, many people are probably wondering why criminals want to infect your computer. The answer is pretty simple: money. In November 2013 we saw the first cases of a new category of malware called ransomware. The Trojan horse is called CryptoLocker. If your computer gets infected with this malware, it will encrypt your files and then force you to pay a ransom if you want them back. Another reason they might want to infect your computer is to use it to attack other computers or send spam. That way your computer will get blocked from the internet and not theirs.

The Search Poison

So how do they infect your computer? One way is to trick you into installing their malware. Google now lets companies bid on keywords. Malware purveyors have used this to their advantage by bidding on keywords for commonly downloaded applications and tricking you into installing their infected application. You might not even notice when they are done, since they will also install the application you were looking for. Even Google has fallen victim to this attack. If they can’t protect themselves, other companies don’t stand a chance. Take a look at the example below:

Notice how the second link takes you to www.gchrome-app.com/GoogleChrome instead of www.google.com/chrome, which is the real site. Protect yourself by looking at the address and checking whether it matches the company that produced the application.

Another way they trick you is to create a pop-up on another site that says you need to download something. If a pop-up appears that says you need to download something, close it and go to the site by typing the address in the address bar. For example, to get Adobe Flash Player you would go to: www.adobe.com/flash

In the example below they trick you into going to their site and putting in your username and password. They then take control of your email and go to sites like Amazon and PayPal to try to empty your accounts. Even if you have different passwords for those sites, they’ll just use the password reset links to reset your passwords there.

In this one they create an email about a phony order and make it seem like you’re going to lose money. If you go to the site, they will ask for your credit card number “to credit your account,” but once they have it, they will use it to buy some stuff of their own – usually months later, because they know that for that month you will be checking your statement for the phony Walmart charge. Here again, if you hover over the link, you will see that it doesn’t take you to Walmart.com, where you would expect it to go if it were legitimate.
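The address check described above (compare where a link really goes with the company's own site, as you do when you hover over it), as an added Python example that is not part of the original article. The brand-to-domain table and the sample email with its `.example` host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: official domains for the brands the article names.
OFFICIAL = {"google": {"google.com"}, "adobe": {"adobe.com"}, "walmart": {"walmart.com"}}

def host_of(url):
    """Hostname of a link, lower-cased; accepts addresses typed without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_official(url, brand):
    """True only if the host is the brand's domain or a subdomain of it.
    A substring test is not enough: a brand name can appear anywhere in a lookalike."""
    host = host_of(url)
    return any(host == d or host.endswith("." + d) for d in OFFICIAL[brand])

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_email(html):
    """Flag links whose visible text names a brand but whose real target is elsewhere."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(brand, text, host_of(href))
            for text, href in parser.links
            for brand in OFFICIAL
            if brand in text.lower() and not is_official(href, brand)]

# Constructed sample message: the first link shows one address but points to another.
SAMPLE_EMAIL = ('<p>Your Walmart order is being processed. '
                '<a href="http://walmart.orders.example/cancel">Cancel at www.walmart.com</a> '
                '<a href="https://www.walmart.com/help">Walmart help</a></p>')

if __name__ == "__main__":
    print(is_official("www.gchrome-app.com/GoogleChrome", "google"))
    print(audit_email(SAMPLE_EMAIL))
```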

This one takes advantage of people using the same password for every site. The site will say something like “the first 200 people to register will win an iPad.” You register by putting in your email address and creating a password. They then try your email address and password on other sites to see if you used the same one.